GE910-QUAD SLL HTTPS google connection issue

21 thoughts on “GE910-QUAD SLL HTTPS google connection issue

  1. Hi,

    I’m trying to connect my GE910-QUAD to Google Fusion Tables but I’ve got a issue with the HTTPS connection.

    I followed the instructions and I downloaded the certificate (see attached – I changed .crt into .txt to upload it) into the module but I’m not sure its version is supported.

    Here the sequence:

    (certificate loaded into the module)

    AT#SSLEN=1,1
    OK

    AT#SSLSECCFG=1,0,1
    OK

    AT#HTTPCFG=0,”accounts.google.com”,443,0,,,1,120,1
    ERROR

    I can’t get any further than the AT#HTTPCFG. Any idea?

    Cheers,

    Dario

      1. Set AT+CMEE=2 and try again; query AT+CGMR and report module firmware version.

        Hi Cosmin,

        AT+CGMR
        13.00.004

        AT#HTTPCFG=0,”accounts.google.com”,443,0,,,1,120,1
        +CME ERROR: operation not supported

        Is there any newer firmware version to be downloaed? I’ve requested access to the download zone but I’m not allowed in yet.

        Thanks,

        Dario

        1. Oh that’s old, 2013 version! If not only for HTTPCFG, put the one you have in your mailbox (just sent it now).

          1. Oh that’s old, 2013 version! If not only for HTTPCFG, put the one you have in your mailbox (just sent it now).

            Not received yet I’m afraid…

            I bought the modules few weeks ago through one of Telit resellers, it sounds weird that the firmware is outdated…

            Sorry, but what do you mean exactly with “If not only for HTTPCFG”? Might I get any other issue upgrading the new firmware?

            Is there any guide/software to download the firmware file?

            Thanks,

            Dario

          2. I sent it to your .uk address. What is newer is of course better in features and bug fixing.

            The upgrading procedures are described in the “Telit Modules Software User Guide” doc. 

          3. A little update.

            I finally received your mail with new (.008) firmware version. I used Xfp to download it and everything seems fine.

            However I still have some issues. After installing the new firmware (but I got a similar a problem with the previous firmware version) I tried a http connection to http://www.google.co.uk and everything worked fine (I downloaded the page as it should be). After this first step I tried to setup the module for an https connection:

            certificate download              //OK

            AT#SSLEN=1,1                          //SSL enable OK
            OK

            AT#SSLSECCFG=1,0,1               //SSL security config
            OK

            AT#SSLSECDATA=1,2,1              //check certificate

            #SSLSECDATA: 1,1
            -----BEGIN CERTIFICATE-----
            MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
            MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
            YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
            EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
            R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
            9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
            fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
            iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
            1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
            bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
            MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
            ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
            uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
            Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
            tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
            PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
            hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
            5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
            -----END CERTIFICATE-----

            OK

            AT#HTTPCFG=0,"accounts.google.com",443,0,,,1,120,1    //(after the firmware update this is ok)
            OK

            AT#HTTPQRY=0,0,"/"

            +CME ERROR: connection failed

            I also tried AT#SSLEN=1,0 before AT#HTTPCFG but I got connection failed anyway.

            After that I tried again a simple http connection and it was not working anymore (with both AT#SSLEN=1,0 and AT#SSLEN=1,1).

            Any idea?

            Thanks.

            D

          4. I’m wondering if the certificate I downloaded is supported by the modem. Before getting +CME ERROR: connection failed it takes few seconds as if it is processing/sending something…

          5. The certificate that you are usign is not the right one.
            It should work with the attached one.

          6. Hi Taj,

            great! With the new certificate it is working. Where di you get it?

            BTW, at moment I’m using firmware version streamGE910-AZ-13.00.009.bin (received from the reseller).

            Thanks,

            Dario

          7. Hi Taj,

            great! With the new certificate it is working. Where di you get it?

            See “Telit SSL/TLS User Guide” doc, “How to Get the CA Certficate” paragraph.

          8. Hi Taj,

            great! With the new certificate it is working. Where di you get it?

            See “Telit SSL/TLS User Guide” doc, “How to Get the CA Certficate” paragraph.

            Yeah, it’s how I got mine. When did you download yours?

            Cheers,

            D

          9. I tried right before posting, I got the same file as Taj attached (Firefox).

            — update: sorry I have got the same file as you.

            From the doc:

            Note: the CA certificate obtained via the procedure described above may be different from
            the one actually sent by the server during the handshake. In these cases, contact the server
            administrator in order to obtain the CA certificate to be used.

            Note: if you use a CA certificate that is expired, the Telit?s module (client) detects the
            certificate expiration when it tries to perform the connection. An error message is displayed.
            To emulate the behaviour of Telit?s modules that ignore this check, it is necessary to
            disable automatic date/time updating using the AT#NITZ AT command and set current
            date before expiry data using AT#CCLK AT command

          10. Google is a more complex environment.
            I got that certificates with “openssl” cmd tools on Linux and I downloaded the entire chain that the server is sending.
                (openssl s_client -showcerts -connect http://www.google.com:443)

            The Geotrust certificate the you get with Firefox (for example) was an intermediate certificate in the past (signed itself by Equifax).
            So, Firefox already trusts this certificate that Google is sending to you as an intermediate and doesn’t validate the chan any further.
            The module can’t handle this kind of exceptions and continues towards the bottom of the chain.
            At the bottom is Equifax, the true root CA.

          11. I am using the UE-866 (firmware 808) and have identical problem reported.

            Trying to access https://google.ca

            Follow Telit SSL doc procedure to get the CA Certificate from my computer and did not work.

            But using the certifcate from Telt support, then it is fine…..

            For my computer, I have Kaspersky Anti-Virus installed.  When I check the certificate, all of them are issued by Kaspersky Lab…

          12. Google is a more complex environment.
            I got that certificates with “openssl” cmd tools on Linux and I downloaded the entire chain that the server is sending.
                (openssl s_client -showcerts -connect http://www.google.com:443)

            The Geotrust certificate the you get with Firefox (for example) was an intermediate certificate in the past (signed itself by Equifax).
            So, Firefox already trusts this certificate that Google is sending to you as an intermediate and doesn’t validate the chan any further.
            The module can’t handle this kind of exceptions and continues towards the bottom of the chain.
            At the bottom is Equifax, the true root CA.

            —> I would like to use UE-866 to access a private servr which is using (signed itself) certificate… As server did not have CA certificate.

            Is that meant this will not work or OK with different configurations ?

            I tried many different setting but still did not work

          13. —> I would like to use UE-866 to access a private servr which is using (signed itself) certificate… As server did not have CA certificate.

            Is that meant this will not work or OK with different configurations ?

            I tried many different setting but still did not work

            It is correct that the server doesn’t send the root CA. It is supposed that the client already has the root CA, to validate the indentity of the server that it is trying to access.

            A self signed certificate should work as well, there is nothing specific about them, but the person who created it must give it to you.

          14. The certificate that you are usign is not the right one.
            It should work with the attached one.

            It works but it says: This certificate was revoked by its certification authority.

          15. Hi,

            I’ve just found that to connect again using http (see previous post) it is necessary to specify all the parameters in the following command:

            AT#HTTPCFG=0,”www.google.co.uk”,80,0,,,0,120,1

            instead of:

            AT#HTTPCFG=0,”www.google.co.uk”.

            I can’t connect correctly using https yet

            Cheers

            D